Finland is not sufficiently prepared for the cyber threat

The IT expert wonders why denial-of-service attacks on Finnish websites are not more open to the public.

– If the Finnish servers are already on their knees, then they are not properly prepared for the cyber threat that is being talked about and anticipated, Järvinen says. Mostphotos

The websites of the Finnish Ministry for Foreign Affairs and the Ministry of Defense were attacked last Friday. The ministry pages were down for a few hours.

– If the ministries have to push their pages down or if they crash, it says that the preparations are not right, IT expert Petteri Järvinen says.

According to Järvinen, the Ministry of Defense did not have a security program in place for CloudFare that can prevent intentional overloading of the site.

According to SecurityScorecard, a U.S. security company The botnet that disturbed the pages of Finnish ministries was the same that Russia has used against Ukraine and its ministries and banks. The company has named the botnet Zhadnost (Russian: žadnost), which means greed.

The secrecy wonders

More than 350 different IP addresses were used in the Finnish cyber attack. According to the company, more than 80 percent of the traffic to Finnish ministries came through hacked Mikrotik routers.

According to Järvinen, 350 devices are not a large number. Large denial-of-service attacks often have tens of thousands of machines.

In the case of Finland, this was an attack that disrupted ordinary https traffic and not a confirmation attack, which according to Järvinen could cause a huge bit stream on even a few dozen machines.

However, the company’s analysis lacked information on the strength of the bitstream, which according to Järvinen is the most important measure of a cyber attack.

The denial of service attack took place at the same time as the President of Ukraine Volodymyr Zelenskyi addressed the Finnish Parliament. Matti Matikainen

– The ultimate problem is that these are never told to the public and that amazes me a bit. I believe that the average Finn is more confused that there are mysterious and strange denial-of-service attacks that no one knows about. It would be less worrying to say openly what is known.

– After all, these can be no secrets and do not endanger Finland’s security.

Cyber ​​attacks can intensify

According to Järvinen, Finland has had experience of denial-of-service attacks on the authorities for twenty years, and therefore they should also be able to combat them.

– Of course, maybe the motive behind these is different and we have a new situation in defense policy, Järvinen thinks about the collapse of the ministries’ pages.

– If Finland’s servers are already on their knees, then they are not properly prepared for the cyber threat that is being talked about and anticipated. If this is just a prelude to much worse, I am a little worried about what will happen if Russia starts bombing Finland worse.

However, from Järvinen, it is possible that Russia has the capacity to carry out such a large-scale cyber attack that any site would crash.

According to the American company, as Finland continues its NATO process, it is likely that Russia’s cyber attacks will intensify.

– If history repeats itself, the next play in the playbook for Russian cyber threats would be the introduction of wiper-style attacks, possibly against critical infrastructure and government targets, the article says.

According to Järvinen, these must be prepared for and are a serious threat.

Too much credit in Finland

Denial-of-service attacks like last week are harmless and have mostly symbolic significance. Järvinen points out that if a denial of service attack is made on a service such as Suomi.fi authentication, as a few years ago, the situation will be more serious.

– Unfortunately, at least at the authority level, we have unnecessarily high self-confidence that we are all right. Let’s remember the maskigate and how the Finnish Security of Supply Center had to be top class.

As the attack on Finnish ministries was similar to the previous attack on Ukraine, Järvinen also believes that Russia was behind it.

The IP addresses of the harassment traffic were not located in Russia or Belarus. The most active bots were detected in Bangladesh and African countries.

– When you count one plus one when this happened under Zelensky’s speech, there is no reasonable doubt in it. While it was interesting that none of the attacking IP addresses were on Russian territory, conversely, it is more indicative of Russia’s guilt.

F-Secure’s Research Director Mikko Hyppönen told the Uncensored Päivärinta program how to prepare for cyber attacks. IL-TV

ttn-54